Bug 257587 - security/logcheck: Regex error "egrep: empty (sub)expression"
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: amd64 Any
Importance: --- Affects Only Me
Assignee: Yasuhiro Kimura
Reported: 2021-08-03 14:20 UTC by hagen.bauer@caserio.de
Modified: 2021-12-20 12:19 UTC (History)
bugzilla: maintainer-feedback? (yasu)
Description hagen.bauer@caserio.de 2021-08-03 14:20:46 UTC
I installed the package with the logfiles auth.log. When running logcheck I get the message

sudo -u logcheck logcheck
egrep: empty (sub)expression

The logfile is there, contains logs and looks normal.
Comment 1 hagen.bauer@caserio.de 2021-08-03 14:22:26 UTC
Similar to https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251775
Comment 2 Dan Langille freebsd_committer freebsd_triage 2021-09-19 15:02:31 UTC
For me, this was not the port, it was me: https://twitter.com/DLangille/status/1398804202965581826

Try running this to identify the file in question:

echo bash -x /usr/local/sbin/logcheck | sudo su -fm logcheck

See above for details.
Comment 3 hagen.bauer@caserio.de 2021-09-20 05:43:47 UTC
I can't find any strangely named files in the logcheck configuration directory. Also, the output of your command does not show anything like that.

The error doesn't happen every run, so it seems to be related to the content of the logfiles.
Comment 4 Dan Langille freebsd_committer freebsd_triage 2021-09-20 15:14:09 UTC
In which case, when it happens, run the above command, to see if you can reproduce the issue. That will help identify the file in question. Take a copy of that file and hopefully we can track it down.

Do you have custom files installed with logcheck? I do. Often, it's my own rules which fail.
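
An added example, not part of the bug thread or the logcheck port: a POSIX shell check that narrows a failing rules file down to the exact line by asking the local `grep -E` to compile each pattern on its own. It assumes one extended regex per line with `#` comments and blank lines ignored; the function names and the directory argument are hypothetical.

```shell
#!/bin/sh
# Added example: report logcheck rule lines that the local grep -E rejects.
# Assumption: rule files hold one extended regex per line; comment lines
# starting with '#' and blank lines are not treated as patterns.

# Print "file:lineno: pattern" for every line grep -E cannot compile.
# grep exit status: 0 = match, 1 = no match, 2 or more = error (bad regex).
bad_rule_lines() {
    file=$1
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        # Skip blank lines and comments.
        case $line in ''|'#'*) continue ;; esac
        rc=0
        # Search /dev/null so only regex compilation is exercised;
        # -e keeps patterns that start with '-' from being read as options.
        grep -E -e "$line" /dev/null >/dev/null 2>&1 || rc=$?
        if [ "$rc" -ge 2 ]; then
            printf '%s:%d: %s\n' "$file" "$n" "$line"
        fi
    done < "$file"
}

# Walk a rules directory (passed as $1) and report every offending line.
check_rules_dir() {
    find "$1" -type f | sort | while IFS= read -r f; do
        bad_rule_lines "$f"
    done
}

# When run as a script: check_rules.sh <rules-directory>
if [ "$#" -gt 0 ]; then
    check_rules_dir "$1"
fi
```

Which patterns are rejected depends on the regex library behind the local grep, so run the check on the host that shows the error and as a user that can read the rule files.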